Switch tests from sudo to become. (#17694)

This commit is contained in:
Matt Clay 2016-09-21 13:58:35 -07:00 committed by GitHub
parent 23651b657e
commit 39c5c558f8
9 changed files with 157 additions and 157 deletions

View file

@ -24,7 +24,7 @@
- hosts: ec2
gather_facts: no
remote_user: ec2-user
sudo: true
become: true
roles:
- { role: ec2_elb_instance_setup, tags: test_ec2_elb }

View file

@ -214,8 +214,8 @@
- name: overwrite the file as user nobody
copy: dest=/tmp/worldwritable/file.txt content="baz"
sudo: yes
sudo_user: nobody
become: yes
become_user: nobody
register: copy_result7
- name: assert the file was overwritten

View file

@ -92,8 +92,8 @@
- name: "shutdown the apache service on the first instance ({{ec2_provision_result.instances[0].public_ip}})"
service: name=httpd state=stopped
remote_user: "ec2-user"
sudo: yes
sudo_user: root
become: yes
become_user: root
delegate_to: "{{ec2_provision_result.instances[0].public_ip}}"
- name: assert that the httpd service was stopped

View file

@ -25,8 +25,8 @@
- debug: var=fetched
# TODO: check the sudo and non-sudo forms of fetch because in one form we'll do
# the get method of the connection plugin and in the sudo case we'll use the
# TODO: check the become and non-become forms of fetch because in one form we'll do
# the get method of the connection plugin and in the become case we'll use the
# fetch module.
- name: diff what we fetched with the original file
@ -82,8 +82,8 @@
- debug: var=fetched
# TODO: check the sudo and non-sudo forms of fetch because in one form we'll do
# the get method of the connection plugin and in the sudo case we'll use the
# TODO: check the become and non-become forms of fetch because in one form we'll do
# the get method of the connection plugin and in the become case we'll use the
# fetch module.
- name: diff what we fetched with the original file

View file

@ -70,8 +70,8 @@
- name: Ask to create a file without enough perms to change ownership
file: path=/tmp/worldwritable/baz.txt state=touch owner=root
sudo: yes
sudo_user: nobody
become: yes
become_user: nobody
register: chown_result
ignore_errors: True

View file

@ -2,8 +2,8 @@
# Create and destroy db
#
- name: Create DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
state: present
name: "{{ db_name }}"
@ -16,8 +16,8 @@
- "result.db =='{{ db_name }}'"
- name: Check that database created
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -26,8 +26,8 @@
- "result.stdout_lines[-1] == '(1 row)'"
- name: Run create on an already created db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
state: present
name: "{{ db_name }}"
@ -39,8 +39,8 @@
- "result.changed == false"
- name: Destroy DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
state: absent
name: "{{ db_name }}"
@ -52,8 +52,8 @@
- "result.changed == true"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -62,8 +62,8 @@
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Destroy DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
state: absent
name: "{{ db_name }}"
@ -100,8 +100,8 @@
# Test encoding, collate, ctype, template options
#
- name: Create a DB with encoding, collate, ctype, and template options
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
@ -111,8 +111,8 @@
template: 'template0'
- name: Check that the DB has all of our options
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -126,8 +126,8 @@
- "'en_US' not in result.stdout_lines[-2]"
- name: Check that running db cration with options a second time does nothing
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
@ -143,8 +143,8 @@
- name: Check that attempting to change encoding returns an error
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'present'
@ -160,15 +160,15 @@
- 'result.failed == True'
- name: Cleanup test DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: '{{ db_name }}'
state: 'absent'
- shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql
sudo_user: postgres
sudo: True
become_user: postgres
become: True
register: result
- assert:
@ -179,8 +179,8 @@
# Create and destroy user
#
- name: Create a user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
@ -193,8 +193,8 @@
- "result.changed == True"
- name: Check that they were created
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
@ -203,8 +203,8 @@
- "result.stdout_lines[-1] == '(1 row)'"
- name: Check that creating user a second time does nothing
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
@ -217,8 +217,8 @@
- "result.changed == False"
- name: Remove user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
@ -230,8 +230,8 @@
- "result.changed == True"
- name: Check that they were removed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
@ -240,8 +240,8 @@
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Check that removing user a second time does nothing
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
@ -253,16 +253,16 @@
- "result.changed == False"
- name: Create a user with all role attributes
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
@ -276,8 +276,8 @@
- "'login:t' in result.stdout_lines[-2]"
- name: Modify a user to have no role attributes
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
@ -290,8 +290,8 @@
- "result.changed == True"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
@ -305,8 +305,8 @@
- "'login:f' in result.stdout_lines[-2]"
- name: Modify a single role attribute on a user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
@ -319,8 +319,8 @@
- "result.changed == True"
- name: Check that the user has the requested role attributes
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql
register: result
@ -334,15 +334,15 @@
- "'login:t' in result.stdout_lines[-2]"
- name: Cleanup the user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
@ -356,24 +356,24 @@
# Test db ownership
#
- name: Create an unprivileged user to own a DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
password: "md55c8ccfd9d6711fc69a7eae647fc54f51"
- name: Create db with user ownership
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
owner: "{{ db_user1 }}"
- name: Check that the user owns the newly created DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -383,8 +383,8 @@
- "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Change the owner on an existing db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
@ -397,8 +397,8 @@
- "result.changed == True"
- name: Check that the user owns the newly created DB
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -408,15 +408,15 @@
- "'postgres' == '{{ result.stdout_lines[-2] | trim }}'"
- name: Cleanup db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -425,15 +425,15 @@
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
@ -445,24 +445,24 @@
# Test settings privleges
#
- name: Create db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: "{{ db_name }}"
state: "present"
- name: Create some tables on the db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "create table test_table1 (field text);" | psql {{ db_name }}
- sudo_user: postgres
sudo: True
- become_user: postgres
become: True
shell: echo "create table test_table2 (field text);" | psql {{ db_name }}
- name: Create a user with some permissions on the db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
@ -471,20 +471,20 @@
priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP'
- name: Check that the user has the requested permissions (table1)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
@ -504,8 +504,8 @@
- "'{{ db_user1 }}=CTc/postgres' in result_database.stdout_lines[-2]"
- name: Add another permission for the user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
encrypted: 'yes'
@ -520,8 +520,8 @@
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
@ -538,8 +538,8 @@
#
- name: Revoke a privilege
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
type: "table"
state: "absent"
@ -555,8 +555,8 @@
- "results.changed == True"
- name: Check that the user has the requested permissions (table2)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
@ -566,8 +566,8 @@
- "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'"
- name: Revoke many privileges on multiple tables
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
state: "absent"
roles: "{{ db_user1 }}"
@ -582,14 +582,14 @@
- "results.changed == True"
- name: Check that permissions were revoked (table1)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were revoked (table2)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
@ -599,8 +599,8 @@
- "result_table2.stdout_lines[-1] == '(0 rows)'"
- name: Revoke database privileges
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
type: "database"
state: "absent"
@ -610,8 +610,8 @@
db: "{{ db_name }}"
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
@ -621,8 +621,8 @@
- "'{{ db_user1 }}' not in result_database.stdout"
- name: Grant database privileges
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
type: "database"
state: "present"
@ -638,8 +638,8 @@
- "results.changed == True"
- name: Check that the user has the requested permissions (database)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
@ -649,8 +649,8 @@
- "'{{ db_user1 }}=Cc' in result_database.stdout"
- name: Grant a single privilege on a table
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
@ -659,8 +659,8 @@
db: "{{ db_name }}"
- name: Check that permissions were added (table1)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
@ -670,8 +670,8 @@
- "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'"
- name: Grant many privileges on multiple tables
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_privs:
state: "present"
roles: "{{ db_user1 }}"
@ -680,14 +680,14 @@
db: "{{ db_name }}"
- name: Check that permissions were added (table1)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }}
register: result_table1
- name: Check that permissions were added (table2)
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }}
register: result_table2
@ -714,15 +714,15 @@
# Cleanup
#
- name: Cleanup db
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_db:
name: "{{ db_name }}"
state: "absent"
- name: Check that database was destroyed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -731,15 +731,15 @@
- "result.stdout_lines[-1] == '(0 rows)'"
- name: Cleanup test user
sudo_user: postgres
sudo: True
become_user: postgres
become: True
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo_user: postgres
sudo: True
become_user: postgres
become: True
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result
@ -751,8 +751,8 @@
# Test login_user functionality
#
- name: Create a user to test login module parameters
sudo: True
sudo_user: postgres
become: True
become_user: postgres
postgresql_user:
name: "{{ db_user1 }}"
state: "present"
@ -769,8 +769,8 @@
login_host: "localhost"
- name: Check that database created
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -790,8 +790,8 @@
login_host: "localhost"
- name: Check that they were created
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
register: result
@ -812,8 +812,8 @@
host: "localhost"
- name: Check that the user has the requested permissions (database)
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }}
register: result_database
@ -833,8 +833,8 @@
login_host: "localhost"
- name: Check that they were removed
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql
register: result
@ -851,8 +851,8 @@
login_host: "localhost"
- name: Check that database was destroyed
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql
register: result
@ -864,15 +864,15 @@
# Cleanup
#
- name: Cleanup test user
sudo: True
sudo_user: postgres
become: True
become_user: postgres
postgresql_user:
name: "{{ db_user1 }}"
state: 'absent'
- name: Check that they were removed
sudo: True
sudo_user: postgres
become: True
become_user: postgres
shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql
register: result

View file

@ -242,8 +242,8 @@
#- name: overwrite the file as user nobody
# win_copy: dest=/tmp/worldwritable/file.txt content="baz"
# sudo: yes
# sudo_user: nobody
# become: yes
# become_user: nobody
# register: copy_result7
#- name: assert the file was overwritten

View file

@ -70,8 +70,8 @@
#- name: Ask to create a file without enough perms to change ownership
# win_file: path=/tmp/worldwritable/baz.txt state=touch owner=root
# sudo: yes
# sudo_user: nobody
# become: yes
# become_user: nobody
# register: chown_result
# ignore_errors: True

View file

@ -50,8 +50,8 @@ class TestPlay(unittest.TestCase):
gather_facts=False,
connection='local',
remote_user="root",
sudo=True,
sudo_user="testing",
become=True,
become_user="testing",
))
def test_play_with_user_conflict(self):